Patchday Android: Driver vulnerability endangers Pixel smartphones
This month, Google is holding back on Android security updates, but Samsung is distributing multiple patches.
Google Android Bugdroid in front of a lock symbol.
(Image: Primakov/Shutterstock.com)
On the February patch day, Google only released a security update for its Pixel series. If attackers successfully exploit the vulnerability, they can gain higher privileges.
Patch day without patches? Not quite …
Apparently, Google does not consider any Android vulnerability particularly threatening this month. Accordingly, the February security bulletin contains no information on security patches. Since July 2025, Google has only been closing very dangerous vulnerabilities monthly, according to their assessment. The remaining updates have been distributed quarterly since then. Next month, there will probably be more updates again.
However, one vulnerability (CVE-2026-0106, “high”) is indeed found in a warning message for Pixel devices. The vulnerability affects the VPU driver, and after successful attacks, attackers gain higher user privileges. Further information about the vulnerability is not currently available. Anyone who owns a Pixel smartphone that is still supported should ensure that the patch level 2026-02-05 is installed.
Patchdays of other manufacturers
In addition to Google, other manufacturers, such as Oppo and Samsung, also regularly provide selected devices with security patches. This month, for example, Samsung has closed several vulnerabilities classified as “high” in terms of threat level. For instance, attackers with physical access to a smartphone running Android 14, 15, and 16 can execute their commands (CVE-2026-20980).
Videos by heise
Owners of Android devices from this manufacturer should check their settings to see if the security patch package is available for download and install it. So far, there are no reports that attackers are already exploiting vulnerabilities.
(des)
